
In Nightfall’s Trends in Cloud Security Newsletter, we review the top stories and developments in cloud security. Some of this issue’s highlights include: 

  • Tomorrow at 11 PT we're hosting a live webinar where we'll cover how to scan code repos leveraging machine learning. Also, join us this weekend at BSidesSF and next week at RSA.

  • Learn about some of last month's most shocking leaks, including a temporary gaffe by an Amazon employee.

  • Read Nightfall's post in ITProPortal about developing a security-first, cloud native mindset to derive best practices in the cloud.

Read these stories and other timely cloud security stories below.

Incidents in the Cloud
Google Photos Leak Poses Enterprise Threats
A recent Google Photos data leak underscores the fact that any company is subject to technical issues, software glitches and employee mistakes. Some users were surprised to learn that despite proactively taking strong security measures across its product lines, Google slips up too.
US Education Non-Profit Leaks Data on Thousands of Students
A US education non-profit appears to have unwittingly leaked the personal information of thousands of students after leaving two online MongoDB databases exposed. The privacy snafu was discovered by noted researcher Bob Diachenko and affected the Institute of International Education (IIE), an organization set up to promote educational and cultural exchanges with other countries.
Prison inmates' sensitive data left exposed on leaky cloud bucket
Researchers at VPNMentor have uncovered a data leak that has exposed prescription records, mugshots, and other sensitive information related to an unknown number of inmates. On January 3, the researchers found that over 36,000 PDF files had been exposed on an unsecured Amazon Web Services S3 bucket (natch) used by JailCore, a cloud-based app used by correctional facilities in several US states.
Trello App Exposes Personally Identifiable Information of its Users
Craig Jones, global cybersecurity operations director at Sophos, has discovered that Trello, an app used for organizing personalized to-do lists and coordinating team tasks, exposed the personally identifiable information (PII) data of its users who made their Trello boards "public."
Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes
An Amazon Web Services (AWS) engineer last month inadvertently made public almost a gigabyte's worth of sensitive data, including their own personal documents as well as passwords and cryptographic keys to various AWS environments.
No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down
Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian ISP Rogers have been found sitting on the open internet. The leaked software, seemingly uploaded to GitHub by a Rogers engineer before they left the telco, is written in Java and powered the front-end for various parts of
Strategies for Securing the Cloud
Seven cybersecurity and privacy forecasts for 2020
Learn about seven growing areas of concern within the world of cybersecurity and why they matter for 2020 and beyond.
Why Leaky Clouds Lead to Data Breaches
This past summer, we witnessed yet another massive data breach due to a misconfigured AWS cloud instance, and hundreds of thousands of Capital One's customers' Social Security and bank account numbers were exposed as a result. Smaller-scale data breaches like this occur frequently, and unfortunately, we're bound to see more of these breaches in the future even though they're easy to avoid.
Deriving best practices from a security-first, cloud native mindset
A security-first mindset, coupled with a cloud native mindset, can provide a great starting point for organisations wanting to migrate to the cloud securely by offering insight into some of the most important best practices for building a robust and securable cloud architecture.
NSA Offers Advice on Securing Clouds
The National Security Agency issued an advisory with technical guidance for procuring and securing systems reliant on cloud service providers amid a push for the government to adopt the technology.
